agenttesla | 8e3e00075143d3fd621479fb61188c41560186ce1877e83e9d1e938b866adef6 | Triage

Submit
Reports

Overview

overview

Static

static

3

0d1fa23054...18.exe

windows7-x64

0d1fa23054...18.exe

windows10-2004-x64

Sharing

General

Target

0d1fa230547e8327115e01b3f5956133_JaffaCakes118
Size

498KB
Sample

240328-xb5h5sdc7s
MD5

0d1fa230547e8327115e01b3f5956133
SHA1

a2942ed55a16fd4b0ca9ac6b7552fbeb5509ecb7
SHA256

8e3e00075143d3fd621479fb61188c41560186ce1877e83e9d1e938b866adef6
SHA512

7dd223bb25b6ad0f7ec0beb6880ba0fc29404cae8f5548745172f7ae04abe34668e4b3183f3869c4dabf4fcd7fd512976363d4909bd9156b47625598e259a414
SSDEEP

6144:FuxpYkSlNpfOCgxdx1ZcGv9WMPznQIGHnmC7I85eVmftpQ6cxHn8eI+mOmFzivqb:F35OCgLxbZvTgzEeqmf3Q7vsFz2qb

Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

0d1fa230547e8327115e01b3f5956133_JaffaCakes118.exe

Resource

win7-20240221-en

agenttesla collection keylogger persistence spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

0d1fa230547e8327115e01b3f5956133_JaffaCakes118.exe

Resource

win10v2004-20240226-en

agenttesla collection keylogger persistence spyware stealer trojan

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
smtp.mail.ru
Port:
587
Username:
Businessgroup84@mail.ru
Password:
xxxlahot2

Targets

- Target
  
  0d1fa230547e8327115e01b3f5956133_JaffaCakes118
- Size
  
  498KB
- MD5
  
  0d1fa230547e8327115e01b3f5956133
- SHA1
  
  a2942ed55a16fd4b0ca9ac6b7552fbeb5509ecb7
- SHA256
  
  8e3e00075143d3fd621479fb61188c41560186ce1877e83e9d1e938b866adef6
- SHA512
  
  7dd223bb25b6ad0f7ec0beb6880ba0fc29404cae8f5548745172f7ae04abe34668e4b3183f3869c4dabf4fcd7fd512976363d4909bd9156b47625598e259a414
- SSDEEP
  
  6144:FuxpYkSlNpfOCgxdx1ZcGv9WMPznQIGHnmC7I85eVmftpQ6cxHn8eI+mOmFzivqb:F35OCgLxbZvTgzEeqmf3Q7vsFz2qb
Score

10^/10

agenttesla collection keylogger persistence spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- AgentTesla payload
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

agentteslacollectionkeyloggerpersistencespywarestealertrojan

behavioral2

agentteslacollectionkeyloggerpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy